add automatic container update logic

2025-11-24 01:12:16 +01:00 · 2025-11-24 01:12:16 +01:00 · 4d05a6fbe9
commit 4d05a6fbe9
parent 4f41394763
2 changed files with 44 additions and 4 deletions
--- a/hosts/nixos/hs/system.nix
+++ b/hosts/nixos/hs/system.nix
@ -12,6 +12,12 @@
    ../../../modules/samba.nix
  ];

+  # Automatic container updates
+  virtualisation.podman.autoUpdate = {
+    enable = true;
+    interval = "Wed *-*-* 06:00:00";
+  };
+
  # GRUB bootloader with ZFS support
  boot.loader.grub = {
    enable = true;
--- a/modules/podman.nix
+++ b/modules/podman.nix
@ -1,6 +1,10 @@
 { config, pkgs, lib, ... }:

+with lib;
+
 let
+  cfg = config.virtualisation.podman;
+
  # System-wide script for updating containers (works with sudo)
  update-containers-script = pkgs.writeShellScriptBin "update-containers" ''
    echo "Scanning running containers..."
@ -43,8 +47,20 @@ let
  '';
 in
 {
-  # Container virtualization with Podman
-  virtualisation = {
+  options.virtualisation.podman.autoUpdate = {
+    enable = mkEnableOption "automatic container updates";
+
+    interval = mkOption {
+      type = types.str;
+      default = "daily";
+      example = "*-*-* 03:00:00";
+      description = "Systemd timer schedule for automatic updates (OnCalendar format)";
+    };
+  };
+
+  config = {
+    # Container virtualization with Podman
+    virtualisation = {
    podman = {
      enable = true;
      # Create a `docker` alias for podman, to use it as a drop-in replacement
@ -62,7 +78,25 @@ in
    };
  };

-  # Make update-containers available system-wide (works with sudo)
-  environment.systemPackages = [ update-containers-script ];
+    # Make update-containers available system-wide (works with sudo)
+    environment.systemPackages = [ update-containers-script ];

+    # Automatic container updates via systemd timer
+    systemd.services.container-update-all = mkIf cfg.autoUpdate.enable {
+      description = "Automatic Podman container updates";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${update-containers-script}/bin/update-containers";
+      };
+    };
+
+    systemd.timers.container-update-all = mkIf cfg.autoUpdate.enable {
+      description = "Timer for automatic Podman container updates";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = cfg.autoUpdate.interval;
+        Persistent = true;
+      };
+    };
+  };
 }